A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. The flaw is described in a paper a team of researchers presented at the 25th Usenix Security Symposium, ongoing in Austin, Texas, through Friday.

Adblock Plus on Thursday announced that the open source community had created a filter to neutralize Facebook's latest offensive in its ongoing battle with ad blockers. Any Adblock Plus users who want to implement the workaround will have to update their filterlists manually. "For this round of the cat-and-mouse contest, looks like the mouse won," said Adblock Plus spokesperson Ben Williams.

Four newly identified vulnerabilities could affect 900 million Android devices, Check Point researchers disclosed. The vulnerabilities, which the researchers dubbed "QuadRooter," affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers. The drivers, which control communications between chipset components, are incorporated into Android builds.

The Linux Mint 18 Sarah will please long-time users and impress new adopters for its growth in features and overall consistent performance. Linux Mint 18, released at the end of June, is a long-term edition supported through 2021. The in-house built Cinnamon desktop and the GNOME 2 fork MATE desktop were available at its introduction. The Xfce edition became available earlier this month.

Linux-operated botnet Distributed Denial of Service attacks surged in this year's second quarter, due to growing interest in targeting Chinese servers, according to a Kaspersky Lab report released this week. South Korea kept its top ranking for having the most command-and-control servers. Brazil, Italy and Israel ranked among the leaders behind South Korea for hosting C&C servers, according to Kaspersky Lab.

Facebook last week launched its Incubator on GitHub in order to distribute its own open source software projects. Facebook has open sourced almost 400 projects to date. New projects will be posted on Incubator pages to gauge community reaction and rate of adoption. Facebook plans to use in-house and actively develop all projects posted on the Incubator page.

The Solus Project version 1.2 shows considerable maturity in the homegrown Budgie desktop. Solus 1.2 is the second minor release in the Shannon series, built around a custom Budgie desktop developed in-house and the eopkg package manager forked from PiSi. Solus is a Linux distribution built from scratch. The Budgie desktop can be set to emulate the look and feel of the GNOME 2 desktop.

Google on Tuesday released an updated version of its Phone app for Android with a new spam protection feature that warns users when an incoming call is likely to be spam. It also lets them block numbers and report spam. The app is available on Google Play.
The spam warning feature works on Nexus and AndroidOne devices on the T-Mobile USA, Project Fi and Orange France networks.

Chrome OS and Android Apps now run together on some Chromebooks. Many, but not all, Chromebook models will get the operating system update that allows it as fall approaches. The Asus Chromebook Flip C100P -- the first Chromebook to get the upgrade -- is an impressive example of what will come with the hybrid integration of Chrome OS and Android apps.

Splice Machine has open sourced its Spark-powered relational SQL database system. The company has set up a cloud-based sandbox for developers to put its new open source Splice Machine 2.0 Community Edition to the test. The company also announced the release of a cluster version and the launch of a developer community site. Splice Machine is designed for high-speed performance.

Microsoft has introduced a new Web-based Skype for Linux client in alpha. Based on WebRTC, it uses Microsoft's next-generation calling architecture. It lets users share files, photos, videos and new emoticons. Users will be able to call others using the latest versions of Skype on Windows, Mac, iOS and Android -- but not with earlier versions of Skype for Linux.

HandyLinux is a distro that offers a simplified approach to using the Linux desktop operating system. HandyLinux first appeared about three years ago. The latest version, 2.5, was released in early June. The developers make it easy to peel off the "Handy" layers to reveal a more standard Linux environment as users learn the system. Those who no longer need the IT tools included with the initial installation can remove them easily.

Bulgaria's Parliament recently passed legislation mandating open source software to bolster security, as well as to increase competition with commercially coded software. Amendments to the Electronic Governance Act require that all software written for the government be Free and Open Source Software-compliant. The new provisions reportedly took effect this week.

Google last week revealed the official name of its next mobile operating system: "Android Nougat." The OS previously went only by "Android N," and Google invited the blogosphere to fill in the blanks. The choice sparked some derision, particularly among those who had preferred "Nutella." "What is nougat anyway?" asked John Jackson, a research VP at IDC. "It's like the 'nog' in eggnog; it doesn't exactly stand alone."

If you want a classy distro with the look and feel of the Microsoft platform, the MakuluLinux LinDoz edition will feed your nostalgia. MakuluLinux developer Jacque Montague Raymer released MakuluLinux 11 LinDoz edition earlier this month after a year and a half in the making. Forked from the Original Aero Edition, it first appeared with the MakuluLinux 9 series.

Red Hat this week announced the release of Fedora 24, an open source Linux operating system maintained by the Fedora Project community. Fedora Linux is the community version of Red Hat Enterprise Linux, or RHEL. Fedora 24 is comprised of a set of base packages that form the foundation of three distinct editions: Fedora 24 Cloud, Fedora 24 Server and Fedora 24 Workstation.

Docker on Monday announced Docker Engine 1.12 with built-in orchestration, which allows automated deployment and management of Dockerized distributed applications and microservices at scale in production. Users can select Docker Swarm mode to turn on built-in orchestration, or they can use their own custom tooling or third-party orchestrators that run on Docker Engine.

Snapcraft -- the Linux package format Canonical developed for Ubuntu -- now works on multiple Linux distros, including Arch, Debian, Fedora and various flavors of Ubuntu.
They're being validated on CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL. "Distributing applications on Linux is not always easy," said Canonical's Manik Taneja, product manager for Snappy Ubuntu Core.

Linux Lite 3.0 is anything but what its name implies. It is a full-featured operating system that lets you get down to serious business right out of the box. It is one of the few out-of-the-box experiences I have had testing Linux distros in which I actually was set up and working in less than five minutes. Linux Lite runs only the lightweight Xfce desktop environment.

Hewlett Packard Enterprise on Tuesday announced it was open-sourcing The Machine to spur development of the infant computer design project. HPE has invited the open source community to collaborate on its largest and most notable research project yet. The Machine focuses on reinventing the architecture underlying all computers built in the past 60 years.

If you want to run a clone of Microsoft Windows to escape the drama of upgrading to Windows 10, try ReactOS -- but do not expect it to be a fully functional replacement any time soon. ReactOS is a free, open source operating system built on the design principles found in the Windows NT architecture. Just remember that ReactOS is a Windows clone and not a Linux distro.

The Linux Foundation on Wednesday announced that it has taken the OpenSwitch Project under its wing. OpenSwitch last year began as a joint project of Hewlett Packard Enterprises, Broadcom, VMware, Accton, Intel and Arista. OpenSwitch is an open source, Linux-based network operating system, or NOS, that works with enterprise-grade switches from multiple vendors.

Voyager Live 16.04 is a Linux distro that could be an ideal choice for everyday computing tasks -- but first it has to step away from its branding with Xubuntu. The once-per-year release of Voyager Live, which hit servers last month, is an Xubuntu-based distribution showcasing the Xfce 4.12.2 desktop environment. It will receive three years of security updates.

Black Duck Software this week released Security Checker, a free tool based on the company's Hub open source security solution. Security Checker is a drag-and-drop, Web-based tool that allows users to determine if known open source vulnerabilities exist in the components used to build applications. It scans the code in an uploaded archive file or Docker image and provides a report showing known bugs.

Rebellin Linux is a smart-looking, fast distro that is both lightweight and secure. It is well worth checking out. The Rebellin line avoids the pitfalls that befall many Debian GNU/Linux derivatives. It does not maintain a warehouse full of desktop versions. It is neither a minimalistic Linux line nor a distro stuffed with bloat from packages typical users will never need.

The Linux Foundation on Thursday announced that Brian Behlendorf, a primary developer of the Apache Web server, has joined the Hyperledger Project as executive director. The project is a collaborative effort to advance blockchain technology by identifying and addressing important features for an open standard for distributed ledgers that will apply across industries.

The Devuan GNU/Linux community's much-awaited Devuan Linux Jessie 1.0 beta release is available. It took two years for disgruntled Debian community members to make good on their promise of a systemd-free Debian distro. They rejected a Linux-wide trend to replace older init processes such as Upstart and System V with systemd. The process of forking Debian into Devuan took much longer than expected.

Docker this week announced the rollout of security scanning technology to safeguard container content across the entire software supply chain. Docker Security Scanning is an opt-in service for Docker Cloud private repository plans. It provides a security assessment of the software included in container images. It enables detailed image security profiles.

Simplicity Linux delivers a simpler way to run a fully powered Linux desktop on any computer you touch. It is derived from Puppy Linux. Two beta versions released in March offer experimental approaches that stray from the distro's standard releases. If you're familiar with Puppy Linux but have not yet taken Simplicity for a walk, you're missing out some interesting Linux computing experiences.

Commercial software is full of security vulnerabilities from unpatched open source components developers use, according to a report Black Duck Software issued last week. Software companies misjudge how much open source code their commercial products contain, according to the report, which is based on an analysis of 200 applications researchers viewed over the previous six months.